[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: radius to pam with 2FA from duo
From: Alan DeKok <aland () deployingradius ! com>
Date: 2019-07-26 18:48:55
Message-ID: 44D16386-FDD9-416C-8B01-8217AAFC12C5 () deployingradius ! com
[Download RAW message or body]
On Jul 26, 2019, at 12:55 PM, Andrew Meyer via Freeradius-Users \
<freeradius-users@lists.freeradius.org> wrote:
>
> Hello,
> I am trying to get FreeRADIUS working with 2FA. I have it mostly setup. I can see \
> in the debug output that saying my user exists in the system. However I'm still \
> getting Access-Reject from my client.
> Here is the output from FreeRADIUS (using the FreeRADIUS repo)
> (0) Received Access-Request Id 98 from 10.150.1.190:37142 to 10.150.1.153:1812 \
> length 92 (0) User-Name = "test"
> (0) User-Password = "Password!1234"
> (0) NAS-IP-Address = 10.150.1.190
> (0) NAS-Port = 0
> (0) Message-Authenticator = 0xef25474df3491218de56a2d8874cfe47
> ...
> (0) pam: Using pamauth string "radiusd" for pam.conf lookup
> (0) pam: ERROR: pam_authenticate failed: Error in service module
> (0) [pam] = reject
That error comes from PAM, not from FreeRADIUS.
> [root@radius01 ~]# cat /etc/pam.d/radiusd
> #%PAM-1.0
> #auth include password-auth
> auth requisite pam_duo.so forward_pass
> account required pam_nologin.so
> account include password-auth
> password include password-auth
> session include password-auth
> [root@radius01 ~]#
Something in that config is wrong, or is saying "no user".
What's wrong? I don't know. PAM is fanatical about producing useless errors. \
And it's been ~15 years since I did anything with PAM.
> Should I have changed the radius pam config file? Should I have changed the \
> password-auth config file instead? Eventually I want this work with SSH.
I have no idea. Ask the PAM people how their software works.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic